Re: [expert] Re: tracking employees
snip What you need to do is this: Draft up a 'charter' for the use of the Internet within the company. Make sure that this charter contains clauses such as "All Internet resources are to be used for Company businss only", "The Company reserves the right to monitor any and all Internet traffic to and from the Company's site", "All e-mails to or from the Company's network are the property of the Company", and "Failure to adhere to these clauses may result in disciplinary action - serious breaches may result in the employee's dismissal". Issue a copy of this charter to any employees who may use the system, and have them sign and return it to you. You may wish to make this charter part of the employee's contract of employment - many companies do in the UK. This is exactly what I had in mind. As I've already made clear, I have a much bigger problem with companies that don't clarify things in this way, allowing the company to gather data on their (admittedly naive) employees. I will make sure that everyone understands the situation - as you say, most will understand once things are explained. Although some people talk of posting such logs on Company Intranet sites, etc., this can sometimes be more trouble than it is worth. Say for example, an employee logs into a child pornography site - do you really want that appearing to all your employees at your site, or would you rather just quietly gather the information/evidence that you need in order to assist the police in prosecution? Also, by publishing the logs, people can not only see what you are logging, but more importantly, they can see what you are NOT logging. Good point, I'll have to think about this. Another aspect to consider is this. I did not have time to check all the logs, all the time. I was often working over ninety hours a week as it was - I was responsible for a WAN that covered sites up to 200 miles away, and was on call 24/7. So, I set up a random schedule of checking a particular set of logs for a week or so, then changing to a different set, etc. I also allowed rumors to spread that I was logging/monitoring more than I really was... One problem: I have tried to set the network up to run as autonomously as possible. The logging has to be accessible to the Director, rather than myself, and possibly maintained by the information officer, so I do need a script to publish to the intranet or email the logs in some form. Perhaps a collation utility as well, to view monthly stats. I see your point when it comes to staff being able to find holes in the logging system, but without me being around to remind them that 'I can see you', they may forget. Everyone being able to see everyone will ensure that *no-one* forgets. Anyway, the original post was more a question as to how to set this up inside the computer, rather than office protocol. I'm interested in scripts to monitor the traffic across a PPP connection, perhaps collate them and display them on the web. Any ideas? Thanks, Tom Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
[expert] Re: tracking employees
snip Since company time is an issue, you might want to consider blocking sports sites, chat rooms, games, and maybe even porn sites. People are human and it wouldn't be the first time an employee had a little fun on company time. Then, if you still want to track them set an invisible cookie that can't be disabled in the browser. Blocking software tends to either miss things that should be blocked or blocks the wrong things, so I'm trying to avoid that. I'm curious about English law and not trying to insult you or start a flame war. I'm in the US and am sure we have privacy groups that would complain loudly about tracking an employee's viewing habits unless it was porn. What is your countries policy on tracking employee web surfing? I feel much the same way. The principle problem is money - it still costs a great deal to connect an office to the internet during the day through dialup. We really need to keep costs down and the Internet will only push them up. If we had a permanent connection to the Internet, I would feel worse about doing this, but I don't see any other way of going about it. I agree with you in spirit about the privacy principle, but don't see how it can be reconciled with the fact that employees shouldn't be using company time for ANY personal browsing. A clear privacy policy will be drawn up. There are other situations that would make me feel more uncomfortable: 1) Tracking employees, not telling (or reminding) them of this and using this tracking to deduce private information, such as political affiliation, sexual orientation... 2) Tracking of people online in a more general way. I'm worried about a possible employer being able to buy information about my browsing habits from the internet tracking firms, such as DoubleClick. I hasten to add that I think that there are much worse people than DoubleClick out there, possibly because DoubleClick are most in the public glare. In short, I think that there is no enshrined right of privacy over here, but I don't think that one exists in the US either. If anything, the European Union is doing more to solve this, with privacy regulation that would cover this and, more importantly, case (2) above. tom Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Re: [expert] Re: tracking employees
I work for the US government (active duty USAF) and all telephone have stickers and every start up computer screen, and paperwork we sign, clear states government/office equipment is for official use only, and any use is consent to monitoring. This policy does cut down non work related surfing and gives management legal tools to punish. Best Regards, Bruce
Re: [expert] Re: tracking employees
Hi. Maybe I could help to clarify this a little. Although I now live in the USA, I was born and raised in the UK, and lived there until I emigrated six months ago. While I was in the UK I worked as a Network Administrator, and had to consider a similar situation - many bosses forget that Network Administrators also need to be legal experts ;-D As far as I could figure, the situation in the UK was that your company can basically track/log/view anything they want to, as long as the employees are aware that this can happen. What you need to do is this: Draft up a 'charter' for the use of the Internet within the company. Make sure that this charter contains clauses such as "All Internet resources are to be used for Company businss only", "The Company reserves the right to monitor any and all Internet traffic to and from the Company's site", "All e-mails to or from the Company's network are the property of the Company", and "Failure to adhere to these clauses may result in disciplinary action - serious breaches may result in the employee's dismissal". Issue a copy of this charter to any employees who may use the system, and have them sign and return it to you. You may wish to make this charter part of the employee's contract of employment - many companies do in the UK. Although some people talk of posting such logs on Company Intranet sites, etc., this can sometimes be more trouble than it is worth. Say for example, an employee logs into a child pornography site - do you really want that appearing to all your employees at your site, or would you rather just quietly gather the information/evidence that you need in order to assist the police in prosecution? Also, by publishing the logs, people can not only see what you are logging, but more importantly, they can see what you are NOT logging. Another aspect to consider is this. I did not have time to check all the logs, all the time. I was often working over ninety hours a week as it was - I was responsible for a WAN that covered sites up to 200 miles away, and was on call 24/7. So, I set up a random schedule of checking a particular set of logs for a week or so, then changing to a different set, etc. I also allowed rumors to spread that I was logging/monitoring more than I really was... Although some employees started to view me as the classic "Bastard Operator From Hell", these were very much in the minority - most supported my actions, especially once the reasons were explained to them. You also need to make sure that you do act on breaches. For example, I once caught a fairly senior manager e-mailing a movie file clip to a co-worker. This movie clip portrayed some extreme sado-masochistic pornography. Now, I was actually fairly friendly with this manager, but I could not allow such material to circulate on the company networks, so I had to take the necessary disciplinary action with the employees involved. At the time, the company only had 64K ISDN access to the Internet and their own WAN, and the thing that alerted me in this case was the sudden chronic drop in network performance as this file was doing the rounds... Anyway, to sum all of this up, as long as the employees are aware that they may be monitored, you can monitor just about anything that they do that involves Company equipment/Company time. Remember that an employee who is spending Company time browsing the web or e-mailing for their own (rather than business) use is effectively stealing from the Company, especially when dial-up costs are involved. I have seen people fired for stealing items worth only a few pounds... Hope this helps. Regards, Ozz.